31. Enable IP spoofing protection
Prev Chapter 5. General System Security Next

31. Enable IP spoofing protection

The spoofing protection prevents your network from being the source of spoofed i.e. forged communications that are often used in DoS attacks.

Version 6.1 only

              [root@deep] /# for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
              > echo 1 > $f
              > done
              

              [root@deep] /#

Add the above commands to the /etc/rc.d/rc.local script file and you'll not have to type it again the next time you reboot your system.

Version 6.2 only

Edit the /etc/sysctl.conf file and add the following line: 

              # Enable IP spoofing protection, turn on Source Address Verification
              net.ipv4.conf.all.rp_filter = 1

You must restart your network for the change to take effect. The command to manually restart the network is the following: 

              [root@deep] /# /etc/rc.d/init.d/network restart
              Setting network parameters	[  OK  ]
              Bringing up interface lo		[  OK  ]
              Bringing up interface eth0	[  OK  ]
              Bringing up interface eth1	[  OK  ]

Prev Up Next
30. Enable bad error message Protection Home 32. Log Spoofed, Source Routed and Redirect Packets